The program also creates the following registry entry so that the risk executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"baigoo.exe" = "C:\PROGRA~1\baigoo\baigoo.exe"

The program gathers information from the compromised computer when a search engine is used. The program then connects to the following URLs and sends the information to a remote user:
www.baigoo.com
www.yok.com